Re: 2.4.18 fork & defunct child.

From: Keith Whyte
Date: Mon Nov 17 2003 - 19:29:29 EST


Edgar Toernig wrote:

{ strace listing deleted, see http://marc.theaimsgroup.com/?l=linux-kernel&m=106905386725308&w=2 }

That is not normal /bin/true behaviour. Sure your system
isn't hacked? Give the -f option to ptrace to see what the
forked process is trying to do... Compare the size of
/bin/true with a known-good one.

Ciao, ET.


I'm not sure. I should be running tripwire or something, this is the only one of my systems that doesn't run such a thing, as i have the firewall locked down and have been busy.
But it is true i accidently did iptables -F and it was left that way for a few days.

But this happens with any program, not just /bin/true, also the /bin/true on the root and chroot systems are identical. and with much interest i discovered, that if i unmount /proc, the problem goes away. aggh.

that is why it is not exhibiting itself in the chroot system, - no /proc.

I also remember that when this first happen nearly a year ago, some "unix engineer" at the ISP said, oh yeah that's because something in the ext2 filesystem header is corrupted.. i don't quite remember what he said exactly, something that sounded so far fetched that i ignored it. does that ring any bells with anyone?

please help, ug, i hate having a linux system that's not reliable. feels like having a pet that's in pain or something.

btw,
/lib/libc.so.6 -> libc-2.2.5.so

Keith

(i'm cross-posting here to gcc and admin in the hopes of finding someone who has seen this, thanks!)



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/